Work place: Shaheed Zulfikar Ali Bhutto Institute of Science and Technology, Islamabad, Pakistan
E-mail: akhunzada.shoaib@gmail.com
Website:
Research Interests: Artificial Intelligence, Computer Architecture and Organization, Data Mining, Data Structures and Algorithms
Biography
Shuaibur Rahman obtained MS degree in Computer Science from Shaheed Zulfikar Ali Bhutto Institute of Science and Technology, Islamabad, Pakistan. His research areas include artificial intelligence, digital forensics and data mining techniques.
By Shuaibur Rahman M. N. A. Khan
DOI: https://doi.org/10.5815/ijmecs.2016.06.07, Pub. Date: 8 Jun. 2016
The field of digital forensic analysis has emerged in the past two decades to counter the digital crimes and investigate the modus operandi of the culprits to secure the computer systems. With the advances in technologies and pervasive nature of the computing devices, the digital forensic analysis is becoming a challenging task. Due to ease of digital equipment and popularity of Internet, criminals have been enticed to carry out digital crimes. Digital forensic is aimed to investigate the criminal activity and bring the culprits to justice. Traditionally the static analysis is used to investigate about an incident but due to a lot of issues related the accuracy and authenticity of the static analysis, the live digital forensic analysis shows an investigator a more complete picture of memory dump. In this paper, we introduce a module for profiling behavior of application programs. Profiling of application is helpful in forensic analysis as one can easily analyze the compromised system. Profiling is also helpful to the investigator in conducting malware analysis as well as debugging a system. The concept of our model is to trace the unique process name, loaded services and called modules of the target system and store it in a database for future forensic and malware analysis. We used VMware workstation version 9.0 on Windows 7 platform so that we can get the detailed and clean image of the current state of the system. The profile of the target application includes the process name, modules and services which are specific to an application program.
[...] Read more.Subscribe to receive issue release notifications and newsletters from MECS Press journals